Execution Templates
Templates are important components of senhasegura . They are the step-by-step instructions to perform system changes.
The system administrator or any other granted user is able to create new templates according to your needs and execute them on devices that have connectivity compatible with senhasegura .
senhasegura is installed with more than 250 templates out-of-the-box. And inside senhasegura PAM Solution our clients and partners can be updated with more templates developed by the senhasegura team and partners community.
To list all the registered templates, go to the menu Executions ➔ Settings ➔ Templates.
Register a template
Click on the New template button and, on the screen that appears, fill in the following fields:
Template name: Name for better identification;
Executor: Communication technology between the senhasegura and the target device. It will be covered below;
Type of execution: Type of change for which the model will be used. Can be any action from triggered by installed execution' client modules;
Active?: Indicates whether the change template is available for use or not;
Template content: A text area to compose the script instruction. We will present every Executor syntax later;
Click the Save button to complete the registration:
Modify a template
To modify a password change execution template, click the Change template button on the template record.
Templates receive an incremental version, identified in their report by the column Version.
You have access to the previous versions, as well as data about the users who modified the template, through the registration action "Template change history".
Composing a template
Every Executor plugin has its own syntax. But you can use some wildcards properties to be replaced by credentials and devices real properties values. The replacement will occurs when the operation will be executed. Which Device and credential available to be used at the operation time, will be defined by the client module even.
These properties will be replaces by the client module rules. Properties that represents password change will be considered only by password change operations. For an example, Task Manager operations will only replace connection wildcards properties.
[#USERNAME#]: Username of the credential that will have your password changed;
[#NEW_PASSWORD#]: The new password you want the credential to use;
[#CURRENT_PASSWORD#]: The password in use for the credential;
[#AUTH_USER#]: Username of the credential that will be authenticated on the station/system/server to perform the change;
[#AUTH_PASSWORD#]: Password of the credential that will authenticate itself to execute the change;
[#AUTH_DOMAIN#]: Domain of the credential that will authenticate itself to execute the change;
[#ADD_INFO#]: Additional credential information;
[#IP#]: The IP of the credential device that will have the password changed;
[#HOSTNAME#]: The hostname of the credential device that will have the password changed;
[#DOMAIN#]: The domain of the credential device that will have the password changed;
[#SERVER_PATH#]: Path of the credential server that will have the password changed;
Execution Templates Examples
Templates are important components of senhasegura . They are the step-by-step instructions to perform system changes.
You can find and share execution templates in our git repository.
Approval flow for creating and editing runtime templates...
Prerequisite:
After creating an execution template, the approval of a registered approver is required through the Settings ➔ System Parameters ➔ Approvers menu:
- Select the option New from the actions menu
- Select the Executions Module
- Add an approver
- Click SaveExecutions ➔ Settings ➔ Templates, where an execution template cannot be created and approved by the same user.
The status of Template templates
Approved: When the approving user approves the change or creation of a template. Pre-registered: When the approver user has not yet approved the request to create a template or change the content of the template. Under Executions ➔ Settings ➔ Parameters under System Settings Executions:
- Select Yes to enable Approval Workflow for Templates
- Click on Save
The Level Approval option can be enabled, it is located in the access group and users with the approval permission.
These can have some states
Executions ➔ Templates Control Pending: after creating a template, where it will wait for approval or disapproval. Approved: after an administrator has approved the template. Disapproved: after the template is disapproved by an administrator, preventing it from being executed. Cancelled: after the user cancels the registration request or changes to a template. Expired: after the time set to approve or re-approve has expired.